OpenInviter Plugin for WordPress contains a flaw that may lead to unauthorized disclosure of potentially sensitive information. The issue is due to the program storing user names and passwords in an error file located in /tmp in plaintext. This may allow a remote attacker to gain access to credential information via a third-party program.